CISA issues Top 2 Cyber Security Bad Practices

 


HAPPY CANADA DAY to our Canadian Readers!!

 

In an effort to strengthen the cyber defense of the country and the private sector, CISA (Cybersecurity & Infrastructure Security Agency) is creating a "Catalog of Bad Practices that are exceptionally risky". This will be an ever-evolving list to which items will be continually added.

CISA suggests that all organizations must have an effective Cyber Security Program that avoids or mitigates these bad practices and protects their assets in line with the criticality of risk. The list names two Bad Practices that must be avoided or mitigated.

1. Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies.

2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies.

This is important news, as it shows that the Government is serious about Cyber Security. All organizations must take their Technology Currency Program seriously as well. The Cyber Security Program must take Technology Vendors and their Subcontractors into consideration when it is designed and implemented. Recent news of the Volkswagen and Mercedes-Benz data breaches is living evidence that proper vendor governance and a vendor cyber security program must be put in place to secure all assets where the data sits.
